04 May What is GDPR? Does Your Website Need to Be GDPR Compliant?

Ready or Not, Here Comes GDPR: What You Need to Know – and Do – to be Compliant

You’ve probably heard about the European Union’s (EU) General Data Protection Regulation (GDPR) that takes effect on May 25. Although it’s receiving scant attention in the news, GDPR is sounding a depth charge among American companies as it implements sweeping changes on businesses that deal with customer data – which may very well include yours. In other words, GDPR compliance isn’t just for EU-based companies. Here’s what you need to know.

“In the U.S., personal information is often collected as a matter of course, with only an ‘opt out’ offered to consumers. By contrast, GDPR requires that in order to collect information from EU data subjects, an affirmative ‘opt in’ consent must be obtained that clearly specifies how the data will be used. Privacy policies must match. Then, once information is obtained, the EU data subject has the right to request that his or her data be deleted; that is, to invoke the right ‘to be forgotten.’ Incorrect information must be corrected upon request. These rights may seem simple enough, but when data is held in multiple locations, developing a process to handle such requests may be quite difficult.”

WordPress & GDPR Compliance

As implied in all this, a key part of GDPR is the business’ responsibility to secure customer data and websites to prevent data breaches, phishing and other forms of malicious online activity. Search Engine Watch turned attention to WordPress, noting that estimates show WordPress is used by 25-40% of the internet – and given its widespread popularity and usage, it is a prime target for hackers.

WordPress is prepared for GDPR, introducing its GDPR Compliance Team and providing information on how WordPress is paving the way with new privacy tools.

The GDPR Compliance Team is focusing on four main areas:

• Adding functionality to assist site owners in creating comprehensive privacy policies for their websites.

Social media marketers now need to ensure that the data they collect from EU residents – as well as how they collect it – is GDPR compliant. According to Social Media Examiner, collection of personal data from an EU resident requires obtaining explicit consent, which generally means that the consent should be:

Voluntary – Have the user take affirmative action.

Specific and informed – Make sure people are aware of what you’re collecting, how it’s being used, and whom it may be shared with.

Unambiguous – Don’t disguise with redirects to terms of service overflowing with legal jargon.

• A whopping 60% of organizations are at risk of missing the GDPR deadline. Only 7% of surveyed organizations say they are in full compliance with GDPR requirements today, and 33% state they are well on their way to meeting the compliance deadline.

• While 80% confirm GDPR is a top priority for their organization, only half say they are knowledgeable about the data privacy legislation or have deep expertise; an alarming 25% have no or only very limited knowledge of the law.

• The primary compliance challenges are lack of expert staff (43%), closely followed by lack of budget (40%), and a limited understanding of GDPR regulations (31%). A majority of 56% expect their organization’s data governance budget to increase to deal with GDPR challenges.